View Issue Details
| ID | Project | Category | View Status | Date Submitted | Last Update |
|---|---|---|---|---|---|
| 0002512 | OXID eShop (all versions) | 4.02. Session handling | public | 2011-02-11 18:10 | 2011-07-01 13:44 |
| Reporter | tjungcl | Assigned To | |||
| Priority | urgent | Severity | major | Reproducibility | always |
| Status | resolved | Resolution | fixed | ||
| Product Version | 4.4.6 revision 32697 | ||||
| Fixed in Version | 4.5.1 revision 38045 | ||||
| Summary | 0002512: Session-Loss | ||||
| Description | when surfing WITHOUT cookies enabled in a oxid-shop, in which the dynamic content cache had been filled before by a user WITH cookies enabled, you loose your session. | ||||
| Steps To Reproduce | -open two browsers, A) with cookies disabled B) with cookies enabled -use B) to open admin, active caching, delete cache -use B) to surf around in frontend. Put something into your basket, open categories, article-details, etc -now use A) to surf around in the frontend. Put something into your basket and you'll get a forced_sid, alright. Now keep surfing, open a category you visited with B) before, an article - and very soon you'll notice the session-loss. --> problem seems to be, that cookie-surfers leave no SIDs in the cache (which is fine). If a cookieless-surfers uses the cache, the links in it still contain no SID. Clicking such a link looses the sid in the url and the session is lost. You should make sure, that when you proccess the cache and isSidNeeded is true, you add a SID to every link, to only replace old sids. | ||||
| Tags | No tags attached. | ||||
| Theme | Both | ||||
| Browser | All | ||||
| PHP Version | any | ||||
| Database Version | any | ||||
| related to | 0002939 | resolved | Arunas | usage without cookies impossible |
| has duplicate | 0002447 | closed | birute_meilutyte | Session loss with inactive cookies and active caching |
